What is claimed is: 



1 1 . An apparatus comprising: 

2 a configuration storage storing configuration settings to configure an access transaction 
• 3 generated by a processor having a normal execution mode and an isolated execution mode, the 

4 configuration settings including a plurality of subsystem memory range settings, the access 

5 transaction including access information; and 

6 a multi-memory zone access checking circuit coupled to the configuration storage to 

7 check the access transaction using at least one of the configuration settings and the access 

8 information, the multi -memory zone access checking circuit generating an access grant signal if 

9 the access transaction is valid. 

1 2. The apparatus of claim 1 wherein the access information includes a physical 

2 address. 

1 3. The apparatus of claim 2 wherein the configuration storage further comprises a 

2 process control register storing an execution mode word, the execution mode word being 

3 asserted as an execution mode signal when the processor is configured in the isolated execution 

4 mode. 

1 4. The apparatus of claim 3 wherein the configuration settings include a memory 

2 mask value, a memory base value, and a memory length value, a combination of at least two of 

3 the mask, base, and length values to define an isolated memory area in a memory external to the 

4 processor, the isolated memory area being accessible to the processor in the isolated execution 

5 mode. 
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1 5. The apparatus of claim 3 wherein each subsystem memory range setting 

2 conresponds to a memory zone for a subsystem in an isolated memory area in a memory external 

3 to the processor. 

1 6. The apparatus of claim 5 wherein each subsystem memory range setting includes 

2 a subsystem memory mask value, a subsystem memory base value, and a subsystem memory 

3 length value, a combination of at lease two of the subsystem mask, base, and length values to 

4 define a memory zone in the isolated memory area for the subsystem. 

1 7. The apparatus of claim 6 wherein an ID value for each subsystem identifies each 

2 subsystem and the subsystem's associated memory zone as defined by the subsystem memory 

3 range setting. 

1 8. The apparatus of claim 6 wherein the multi-memory zone access checking circuit 

2 comprises a subsystem address detector to detect if the physical address is within a currently 

3 active subsystem's associated memory zone as defined by the subsystem memory range setting 

4 for the subsystem, the subsystem address detector generating a subsystem address matching 

5 signal. 

1 9. The apparatus of claim 8 wherein the multi-memory zone access checking circuit 

2 fiirther comprises an access grant generator coupled to the subsystem address detector and the 

3 processor control register, the access grant generator generating an access grant signal if both the 

4 subsystem address matching signal and the execution mode word signal are asserted. 

1 10. A method comprising: 

2 configuring an access transaction generated by a processor having a normal execution 

3 mode and an isolated execution mode using a configuration storage storing configuration 
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4 settings, the configuration settings including a plurality of subsystem memory range settings, the 

5 access transaction including access information; 



6 checking the access transaction by a multi-memory zone access checking circuit using at 

7 least one of the configuration settings and the access information; and 

8 generating an access grant signal if the access transaction is valid. 

1 11. The method of claim 1 0 wherein the access information includes a physical 

2 address. 

1 12. The method of claim 1 1 wherein the configuration storage comprises a process 

2 control register storing an execution mode word, the execution mode word being asserted as an 

3 execution mode signal when the processor is configured in the isolated execution mode. 

1 13. The method of claim 12 wherein the configuration settings include a memory 

2 mask value, a memory base value, and a memory length value, a combination of at least two of 

3 the mask, base, and length values to define an isolated memory area in a memory external to the 

4 processor, the isolated memory area being accessible to the processor in the isolated execution 

5 mode. 

1 14. The method of claim 12 wherein each subsystem memory range setting 

2 corresponds to a memory zone for a subsystem in an isolated memory area in a memory external 

3 to the processor. 

4 15. The method of claim 1 4 wherein each subsystem memory range setting includes a 

5 subsystem memory mask value, a subsystem memory base value, and a subsystem memory 

6 length value, a combination of at lease two of the subsystem mask, base, and length values to 

7 define a memory zone in the isolated memory area for the subsystem. 
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1 1 6. The method of claim 15 wherein configuring the access transaction further 

2 comprises storing an ID value for each subsystem to identify each subsystem and the 

3 subsystem's associated memory zone as defined by the subsystem memory range setting. 

1 17. The method of claim 15 wherein checking the access transaction comprises 



2 detecting if the physical address is within a currently active subsystem's associated memory zone 

3 as defined by the subsystem memory range setting for the subsystem by a subsystem address 

4 detector, the subsystem address detector generating a subsystem address matching signal. 

1 1 8. The method of claim 17 wherein generating an access grant signal if the access 

2 transaction is valid comprises generating an access grant signal by an access grant generator if 

3 both the subsystem address matching signal and the execution mode word signal are asserted. 

1 19. A computer program product comprising: 

2 a machine readable medium having computer program code therein, the computer 

3 program product comprising: 

4 computer readable program code for configuring an access transaction generated by a 

5 processor having a normal execution mode and an isolated execution mode using a configuration 

6 storage storing configuration settings, the configuration settings including a plurality of 

7 subsystem memory range settings, the access transaction including access information; 

8 computer readable program code for checking the access transaction by a multi-memory 

9 zone access checking circuit using at least one of the configuration settings and the access 

10 information; and 

11 computer readable program code for generating an access grant signal if the access 

12 transaction is valid. 
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1 20. The computer program product of claim 19 wherein the access information 

2 includes a physical address. 

1 21. The computer program product of claim 20 wherein the configuration storage 

2 comprises a process control register storing an execution mode word, the execution mode word 

3 being asserted as an execution mode signal when the processor is configured in the isolated 

4 execution mode. 

1 22, The computer program product of claim 2 1 wherein the configuration settings 

2 include a memory mask value, a memory base value, and a memory length value, a combination 

3 of at least two of the mask, base, and length values to define an isolated memory area in a 

4 memory external to the processor, the isolated memory area being accessible to the processor in 

5 the isolated execution mode. 

1 23. The computer program product of claim 2 1 wherein each subsystem memory 

2 range setting corresponds to a memory zone initiated for a subsystem in an isolated memory area 

3 in a memory external to the processor. 

1 24. The computer program product of claim 23 wherein each subsystem memory 

2 range setting includes a subsystem memory mask value, a subsystem memory base value, and a 

3 subsystem memory length value, a combination of at lease two of the subsystem mask, base, and 

4 length values to define a memory zone in the isolated memory area for the subsystem. 

1 25. The computer program product of claim 24 wherein the computer readable 

2 program code for configuring the access transaction fiirther comprises computer readable 

3 program code for storing an JD value for each subsystem to identify each subsystem and the 

4 subsystem's associated memory zone as defined by the subsystem memory range setting. 
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1 26. The computer program product of claim 24 wherein the computer readable 

2 program code for checking the access transaction comprises computer readable program code for 

3 detecting if the physical address is within a currently initialized subsystem's associated memory 

4 zone as defined by the subsystem memory range setting for the subsystem by a subsystem 

5 address detector, the subsystem address detector generating a subsystem address matching 

6 signal. 



1 27. The computer program product of claim 26 wherein the computer readable 

2 program code for generating an access grant signal if the access transaction is valid comprises 

3 computer readable program code for generating an access grant signal by an access grant 

4 generator if both the subsystem address matching signal and the execution mode word signal are 

5 asserted. 

1 28. A system comprising: 

2 a chipset; 

3 a memory coupled to the chipset having an isolated memory area; 

4 a processor coupled to the chipset and the memory having an access manager, the 

5 processor having a normal execution mode and an isolate execution mode, the processor 

6 generating an access transaction having access information, the access manager comprising: 

7 a configuration storage storing configuration settings to configure an access transaction 

8 generated by the processor, the configuration settings including a plurality of subsystem memory 

9 range settings; and 

10 a multi-memory zone access checking circuit coupled to the configuration storage to 

11 check the access transaction using at least one of the configuration settings and the access 
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12 information, the multi-memory zone access checking circuit generating an access grant signal if 

13 the access transaction is valid. 

1 29. The system of claim 28 wherein the access information includes a physical 

2 address. 

1 30. The system of claim 29 wherein the configuration storage further comprises a 

2 process control register storing an execution mode word, the execution mode word being 

3 asserted as an execution mode signal when the processor is configured in the isolated execution 

4 mode. 

1 31. The system of claim 30 wherein the configuration settings include a memory 

2 mask value, a memory base value, and a memory length value, a combination of at least two of 

3 the mask, base, and length values to define an isolated memory area in a memory external to the 

4 processor, the isolated memory area being accessible to the processor in the isolated execution 

5 mode. 

1 32. The system of claim 30 wherein each subsystem memory range setting 

2 corresponds to a memory zone for a subsystem in an isolated memory area in a memory extemal 

3 to the processor. 

1 33. The system of claim 32 wherein each subsystem memory range setting includes a 

2 subsystem memory mask value, a subsystem memory base value, and a subsystem memory 

3 length value, a combination of at lease two of the subsystem mask, base, and length values to 

4 define a the memory zone in the isolated memory area for the subsystem. 

1 34. The system of claim 33 wherein an ID value for each subsystem to identifies each 

2 subsystem and the subsystem's associated memory zone as defined by the subsystem memory 

3 range setting. 



042390.P9654 



-35- 



Patent Application 



1 35. The system of claim 33 wherein the multi-memory zone access checking circuit 

2 comprises a subsystem address detector to detect if the physical address is within a currently 

3 active subsystem's associated memory zone as defined by the subsystem memory range setting 

4 for the subsystem, the subsystem address detector generating a subsystem address matching 

5 signal. 

1 36. The system of claim 35 wherein the multi-memory zone access checking circuit 

2 further comprises an access grant generator coupled to the subsystem address detector and the 

3 processor control register, the access grant generator generating an access grant signal if both the 

4 subsystem address matching signal and the execution mode word signal are asserted. 
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